Flagging requirements for Merchant Initiated Transactions (MIT’s)

Payvision_PSD2 Making complicated security regulations straightforward

SCA compliance

Everything you need to comply with PSD2’s allowances for Merchant Initiated Transactions (MITs). 

Why must you comply?

Upcoming PSD2 regulations require all online merchants and sellers to flag Transaction IDs when setting up initial MITs. Failing to comply with these rules will lead to issuers soft-declining MITs, which could harm your business.

The deadline for merchants to start utilizing the Scheme Transaction ID was September 14, 2019. The enforcement period will begin on January 1, 2021, when issuers will start to soft decline non-compliant transactions. So now’s the time to take action if you haven’t done so already.

 

What are Merchant Initiated Transactions?

MITs are a single, or a series of transactions that are for fixed or variable amounts – initiated at fixed or variable intervals – subject to an agreement set up between the merchant and the cardholder. The agreement is made during the first transaction a cardholder has authenticated and gives the merchant permission to initiate future transactions without the cardholder’s direct involvement.

 

PSD2 Allowances and requirements 

From a PSD2 perspective: MITs do not require Strong Customer Authentication (SCA) to be applied. However, the agreement to set up MITs needs to have SCA applied to it. The setup agreement must therefore be a Cardholder Initiated Transaction (CIT). This setup transaction can be for a $0 amount if necessary, with SCA applied if it is initiated via the e-commerce channel.

From a scheme transaction processing perspective: this means that the Scheme Transaction ID for the CIT used to set up the agreement must be provided in the MIT(s) as a reference, to help identify such transactions as being out of scope for SCA.

For all subsequent MITs, the reference provided must be the same used in the setup transaction. Transactions without a reference will be soft declined due to lack of SCA.

Note: A soft decline contains a Response Code of 65, which indicates that the transaction was declined specifically due to lack of SCA.

We strongly recommend utilizing the Scheme Transaction ID as early as possible to ensure that your MITs are processed compliantly well before the enforcement period commences. 

 

Payvision Flagging Requirements and Scheme Transaction IDs 

Payvision currently returns the Scheme Transaction ID for all Visa and Mastercard transactions in cases where it is received from the schemes in the Payvision v2 API’s “SchemeTransactionID” field.

This field is returned in the BankInformation entry of the Cdc. The value returned contains either the Visa Transaction ID or the Mastercard Trace ID.

Specification Reference: Technical Integration Appendix XII, Appendix A, Section “Scheme Transaction ID”

Example: "Cdc": [  

                 {  

                              "Items": [  

                              {  

                              "Key": "SchemeTransactionID",  

                              "Value": XXXXXXXXXXXXXXX  

                               }  

                               ],  

                              "Name": "BankInformation"  

                 }  

 ]  

For CITs used to set up a MIT agreement, this value must be stored. Payvision can process two types of MITs:

  • Subsequent Recurring Transactions
  • Unscheduled Credential On File Transactions 

When a MIT is initiated, the merchant must provide the Scheme Transaction ID returned in the setup CIT to Payvision in the Authorize or Payment call, and specify it in the Additional Info with the key “SchemeTransactionID”.

Specification Reference: Technical Integration Appendix XII, Section 10.9

 

Grandfathering of existing Merchant Initiated Transactions 

If the agreement was set up prior to September 14, 2019, or has been set up since but without SCA, merchants should collect the Scheme Transaction ID returned in the response of the last MIT linked to the agreement and provide it in the subsequent MIT.

All new MITs however, require a reference to the agreement setup with SCA.

Donny-2

Do you need more information?

Please reach out to your dedicated Account Manager, or the Payvision support team via support@payvision.com